The Covid-19 pandemic threw a lot at IT teams: sudden and wide-spread remote working, unprecedented reliance on video calls and email, and having to sort all of this without collaborating in person. This crisis management over an extended period may have meant that crucial aspects of your IT have been neglected. With lockdown measures easing, now is the time to adopt a renewed focus on improving your cyber security programme.
How has Covid-19 impacted the security of your IT?
Over the course of 2020/2021 the Covid-19 Pandemic caused disruption to every element of running a business, and the cyber security of your IT is no exception. The business world as we knew it, will forever be changed by the pandemic and there are aspects that won't ever go back to how they were (e.g. how common it is to work from home).
The pandemic has interfered with your digital risk management in several specific ways:
1. 2020 was spent putting out fires
IT teams spent 2020 overhauling the systems they're responsible for to get their entire company ready for remote working. They then had to cope with having no or limited access to the physical IT in the office, while providing remote technical support to their colleagues. According to a report from Ivanti:
63% of IT professionals had their workloads increase when their company made the switch to remote working.
With all of that going on certain responsibilities had to be deprioritised, and cyber security management updates may well have been delayed. Out of date or unknowingly faulty security protocols won't provide the protection a modern business needs against cyber attackers.
2. It's never been easier to remotely access your IT system
With your entire company setup to be working from home, your IT system is constantly being connected to remotely. While you will have undoubtedly setup VPNs and similar security protocols, setting them up to seamlessly allow mass remote working may have created an opportunity for an attack. SecureLink explain the potential security issues with a VPN, and how "Hackers often use VPNs to gain access to networks".
Additionally, there is now a high number of devices with security protocols for your IT out in the world, that could be stolen and used by attackers.
3. Staff didn't have anyone in person to consult
With everyone working from home it's more difficult to ensure everyone is following secure best practices, and if your staff aren't sure on how to proceed they don't have anyone on hand to ask. This is related to being responsible with their devices, but also covers a wide range of potential security risks that a lack of awareness can cause, from phishing attacks to baiting. Social engineering attacks often leverage fear and anxiety, and the pandemic has created this aplenty. World Economic Forum explains how attackers took advantage of the situation:
It all began in March with scams and phishing efforts related to the COVID-19 emergency, such as impersonations of authority figures like the WHO and other global and governmental institutions.
Tips on how to bolster your cyber security post-pandemic
A new threat landscape can be dealt with using old and new cyber security solutions. Below are our tips on how to ensure you've got a comprehensive cyber security system in place, dealing with the upheaval of the pandemic and the new ways of working.
1. Update your cyber security policies
Review and refresh your cyber security policies to better reflect your post-pandemic IT system and ways of working. A risk assessment will help you identify quick fixes like introducing automatic locking on unattended devices and multi-factor authentication.
2. This is the exact situation vulnerability scanning was designed for
Vulnerability scanning does what it says on the tin: it scans your system and flags any known vulnerabilities that your team might have missed while they were putting out proverbial fires during the pandemic.
3. Accelerate your patching for critical systems
Related to vulnerability scanning, having up to date applications (especially security applications) is essential to protect your data. Ensure that critical systems are regularly patched to avoid discovered vulnerabilities.
4. Train your staff so they're up to date on security best practices
If you train your staff to understand why security-related mistakes are so dangerous, and how to avoid them, then it won't matter that everyone's remote because they won't need any additional guidance. There are plenty of training schemes out there, like Mimecast's, to help you get your staff up to speed.
5. Buying cyber attack insurance can be a cost-effective protection
Being the victim of a successful cyber attack can completely disrupt a business, and so there are insurance policies you can purchase to help you recover. The beauty of this is, with the right coverage, its a safety net that can save your business if your cyber security programme fails you.
6. Consider outsourcing with some managed cyber security services
Some of the ways that Covid-19 has changed the business landscape aren't going to go away post pandemic. This means that your IT team will have to continue providing remote IT support alongside all of their other business critical tasks to keep your system up to date.
Outsourcing some of your cyber security solutions reduces the pressure on your IT team, and guarantees that your IT will be protected even if something new has caused serious disruption to your in-house IT team. Examples of cyber security services you can outsource include:
- Managed backups
- DDoS mitigation
- Managed firewalls
Now is the time to focus on your cyber security
The pandemic has been hard on everyone, and unfortunately businesses will be feeling its effects for a while yet. But keeping your data protected and having safety nets like backups and insurance will be one of the crucial factors in keeping your business going through this turbulent time. Staying in business through the pandemic only to be shutdown by a devastating cyber attack would be a real shame.
If you want to learn more about working with a data centre and colocation , or where we can help you boost your resilience, performance and cyber security why not get in touch to talk to one of our experts.